6f4571882606ee838590243876609effc6a78455fde3a908ed9f9220758c8eb9 | Triage

Resubmissions

08-06-2024 12:42

240608-pxlddscf48 3

08-06-2024 12:30

240608-ppln7abf6x 3

08-06-2024 12:10

240608-pcgjpsbe4y 3

08-06-2024 10:05

240608-l4xs8abg25 3

22-05-2024 02:11

240522-cl9wdsha43 3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:11

Sharing

Report Analysis Logs

General

Target

58a728da4e405ca979e73e774fe72fb9.exe
Size

449KB
MD5

58a728da4e405ca979e73e774fe72fb9
SHA1

33bfff315ba2bdef39002d8cc066b513cfe70aae
SHA256

6f4571882606ee838590243876609effc6a78455fde3a908ed9f9220758c8eb9
SHA512

660748265950e3a7836c273a8bdba75296993c4510256bda4b531cb85f68b6f00652d584326bf0df5615265a88220a5f6fd4f5af09c59679e3debe6818cd3dce
SSDEEP

1536:wC4qH594gLbOWgoI9CKtc4x9Rfy+3YVad1R:wCB3rSJ3CsrkUd1R

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

58a728da4e405ca979e73e774fe72fb9.exe

description	pid	process	target process
PID 1752 wrote to memory of 2148	1752	58a728da4e405ca979e73e774fe72fb9.exe	WerFault.exe
PID 1752 wrote to memory of 2148	1752	58a728da4e405ca979e73e774fe72fb9.exe	WerFault.exe
PID 1752 wrote to memory of 2148	1752	58a728da4e405ca979e73e774fe72fb9.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\58a728da4e405ca979e73e774fe72fb9.exe
"C:\Users\Admin\AppData\Local\Temp\58a728da4e405ca979e73e774fe72fb9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1752 -s 528
2⤵
PID:2148

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-0-0x000007FEF56E3000-0x000007FEF56E4000-memory.dmp

Filesize
4KB

Download
memory/1752-1-0x0000000000150000-0x00000000001C6000-memory.dmp

Filesize
472KB

Download
memory/1752-2-0x000007FEF56E3000-0x000007FEF56E4000-memory.dmp

Filesize
4KB

Download